EY Canada pulled a cyber report after researchers found fake citations
On May 14, 2026, GPTZero published an investigation into EY Canada's loyalty-fraud cybersecurity report, Points of Attack, and said the 44-page document was loaded with hallucinated references, broken or fake source URLs, misattributed statistics, and text that scanned as AI-written. EY Canada then removed the report from its website and said it was reviewing how it was published. For a firm selling trust, controls, and responsible AI advice, having a public report fall over at the bibliography is a rough little invoice from reality.
The report that could not survive its references
EY Canada published a 44-page cybersecurity report called Points of Attack: Uncovering Cyber Threats and Fraud in Loyalty Systems. The subject was exactly the kind of thing a Big Four consultancy likes to own: loyalty programs, fraud risk, cyber controls, and enough executive anxiety to make a slide deck feel billable.
Then GPTZero went citation hunting.
On May 14, 2026, GPTZero published an investigation saying the EY report contained widespread hallucinated references, broken URLs, fake or misattributed sources, contradictory statistics, and text that scanned as heavily AI-written. The report did not use conventional academic footnotes. It cited sources directly in the text and in a resources table near the end of the PDF. That table was where the rot showed most clearly: source titles that did not map to real publications, URLs that led nowhere useful, and claims that seemed to have been laundered from low-quality secondary material into an EY-branded cyber report.
The public consequence came quickly. Consulting.ca reported on May 19 that EY Canada had removed the study from its website after GPTZero's investigation. The Indian Express and Information Age also covered the withdrawal, noting EY's statement that it was reviewing the circumstances that led to the report's publication. EY also said the report was not connected to work for a client.
That distinction matters contractually. It matters less reputationally. A professional-services firm does not need to bill a client for a report before the report can damage its credibility. Publishing expert content is part of the sales motion. If the expertise is glued together with fake references, the sales motion starts looking less like thought leadership and more like a confidence trick with better typography.
What GPTZero found
GPTZero said it manually checked the report's references after running its hallucination-detection workflow. The examples were not subtle.
The report allegedly cited a McKinsey "Loyalty Economics Report" that GPTZero could not find because it appears not to exist. It pointed to a supposed Gartner document that did not resolve to a real publication. It referenced Forbes, Wired, TechCrunch, and Cisco Talos pages that were broken, generic, or unmatched to the titles and claims in the EY report. In several cases, the cited source looked plausible enough to pass a skim but collapsed once someone tried to open the thing.
GPTZero also flagged numeric claims. One example concerned a $200 billion figure related to loyalty points. The report appeared to use the number in more than one way, attributing related claims to different or nonexistent sources. Another claim about loyalty-program theft or fraud appeared without the kind of supporting source a reader would need to evaluate it.
These are not cosmetic errors. A cybersecurity report about fraud controls lives or dies by evidence. If it tells readers that loyalty programs are being exploited at some scale, or that a certain volume of rewards points sits unused, the sourcing is part of the product. The report is asking readers to believe a risk picture. Bad citations make that picture unverifiable.
AI certainty without citation discipline
EY has not publicly laid out a precise tool chain for how the document was produced. The safest phrasing is that GPTZero and subsequent coverage described the report as containing apparent AI hallucinations and AI-written text, and EY removed it after the investigation. That is enough for the failure mode without pretending to know more than the public record supports.
The failure mode is familiar anyway. Large language models are very good at producing citation-shaped objects: titles with the right vocabulary, publishers that sound appropriate, author names or outlet names with a whiff of authority, and URLs that look normal until somebody clicks them. They are much worse at guaranteeing the reference exists and supports the claim. That mismatch is deadly in professional work because the output looks finished before it has been checked.
The point of hiring EY rather than asking a chatbot for "ten loyalty fraud stats" is supposed to be judgment, verification, and institutional accountability. The firm sells control environments. It advises clients on governance. It markets responsible AI. A report with fake references is awkward anywhere; in that context, it is the consultant version of a fire-safety inspector arriving with a flamethrower and a loose definition of "site visit."
Why this belongs here
This fits the Graveyard because it is not merely a company having a bad opinion about AI. A major consulting firm published a public report that researchers found was filled with fake or broken references and AI-like errors. The report was then removed. The harm was reputational, informational, and procedural: readers could have treated bad claims as credible because the EY logo gave them a suit and a conference badge.
GPTZero also warned about a secondary effect: once a polished, high-traffic report goes online, its claims can be picked up by journalists, bloggers, search systems, and AI tools. GPTZero said Points of Attack had already surfaced in newspapers, blog posts, and AI search overviews. That is the poisoned-reference problem in miniature. A fake source inside a credible-looking PDF does not stay politely inside the PDF. It gets scraped, summarized, quoted, and eventually cited by someone who assumes a Big Four consultancy probably checked its work.
EY Canada did the correct first public step by taking the report down. The harder lesson is upstream. If a report goes out under a professional-services brand, every citation has to be treated as a claim, not as decorative trim. Someone has to open the source, confirm the title, verify the URL, read the relevant passage, and check that the source actually supports the sentence it is attached to.
That work is boring. That is why it is valuable. AI can make a bibliography look complete in seconds. It still cannot make a fake McKinsey report become real just because the phrase sits comfortably in a table on page 42.
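The mechanical part of those verification steps, sketched as a triage pass in Python. This is an added example, not code from GPTZero or EY; the citation records, `.example` URLs and fetch results are constructed, and the 0.5 title-overlap threshold is an assumption.

```python
import re
from urllib.parse import urlparse

def tokens(text):
    """Lowercased words longer than three characters, as a set."""
    return {w for w in re.findall(r"[a-z0-9]+", text.lower()) if len(w) > 3}

def triage(citation, fetched):
    """List the problems found for one citation (empty list: checks passed)."""
    if fetched is None or fetched["status"] != 200:
        return ["broken"]  # URL did not return a page at all
    problems = []
    cited_path = urlparse(citation["url"]).path.strip("/")
    final_path = urlparse(fetched["final_url"]).path.strip("/")
    if cited_path and not final_path:
        problems.append("generic")  # deep link landed on the site root
    want = tokens(citation["title"])
    overlap = len(want & tokens(fetched["page_title"]))
    if want and overlap / len(want) < 0.5:  # assumed threshold
        problems.append("title-mismatch")
    if citation["figure"].lower() not in fetched["body"].lower():
        problems.append("figure-not-found")  # cited number absent from page
    return problems

# Constructed sample data: hypothetical citations, not taken from the report.
CITATIONS = [
    {"id": "A", "title": "Loyalty Fraud Trends Annual Report", "figure": "37%",
     "url": "https://research.example/reports/loyalty-fraud-trends"},
    {"id": "B", "title": "Points Theft Rising Across Retail Programs", "figure": "37%",
     "url": "https://news.example/2025/points-theft-rising"},
    {"id": "C", "title": "Unredeemed Points and Account Takeover", "figure": "37%",
     "url": "https://vendor.example/blog/unredeemed-points"},
]
# Constructed fetch results, standing in for what an HTTP client would return.
FETCHED = {
    "A": {"status": 404, "final_url": "https://research.example/404",
          "page_title": "Not Found", "body": ""},
    "B": {"status": 200, "final_url": "https://news.example/",
          "page_title": "News Example Home", "body": "Latest headlines."},
    "C": {"status": 200, "final_url": "https://vendor.example/blog/unredeemed-points",
          "page_title": "Unredeemed Points and Account Takeover | Vendor Blog",
          "body": "Respondents said 37% of unredeemed balances were never audited."},
}

def run_samples():
    """Triage every constructed citation and return {id: problems}."""
    return {c["id"]: triage(c, FETCHED.get(c["id"])) for c in CITATIONS}

if __name__ == "__main__":
    for cid, problems in run_samples().items():
        print(cid, problems or ["ready for human review"])
```

An empty result only clears the mechanical checks; someone still has to read the passage and confirm it supports the sentence it is attached to.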